Fauxx is an open-source Android privacy tool that poisons data broker and ad-tech profiles by generating continuous, plausible, off-demographic synthetic activity from your device. The goal is simple: make your real behavioral signal statistically indistinguishable from noise.
Not my project, but though this is really cool and worth sharing.
No relation
I wonder if you could set up a second phone that is logged in with all your accounts, then use it for FAUXX, currently concerned about battery usage / background usage of device.
Like, does it need to be running continuously ALL DAY to effectively poison? Or is sometimes usage helpful? Second phone idea solid?
Anyone understand the data collection better have thoughts?
This method wouldn’t combat device fingerprinting, so it would be trivial for everyone but the aggregate data brokers to filter out as noise.
For a strategy like this to work, your legitimate traffic needs to be indistinguishable from the random traffic.
So basically it has to be running while you’re using it, and on the device your primarily use?
not necessarily. if ‘you’ are sending traffic, i (someone interested in your data) don’t really care where it comes from. Em is correct that it’s trivial to filter out, but it’s also another data point that is interesting and potentially relevant for them, so in practice they won’t.
tracking has gotten to the point where they can infer connections based off of users that have no interaction but otherwise share a location for a period of time (think coffee shop wifi, work). you have things in common with those people. maybe not a lot, but enough to be relevant in someone’s dataset somewhere.
so no, it doesn’t have to be running on your primary device to be relevant. i’d argue that it simply being on your home network would be enough.
I just found this app on droidify, really cool idea. Id love to see something similar on Linux. (imnotsure if something like that already exists)
That’s cool!
Interesting, how useful is it if I’m always behind a VPN and browse privately (hardened browser, ad blocker, no-script, never logged in etc.)?
May be wrong but the way I see it it doesn’t help me much?
i only did a quick readthrough so my understanding of how it works is probably flawed. that said:
you could consider split-tunneling a browser outside of your normal stack for fauxx to pollute. that way your real activity remains as close to “ghost” as possible, and gives your device a fake fingerprint that will fool anyone not directly targeting you.
the reason I’d suggest doing it that way is that nobody’s personal device hygiene is perfect. flooding with synthetic data is a great way to help conceal when you slip up.
Go further. I’m listening like a regard trying to understand
you’re kind of giving me a blank slate to talk here so let me hit the biggest point that is tangential to this conversation.
the easiest point for me to make is that if, on your phone, you bought your SIM card (and attached phone number) with payment info that can be tracked to your bank and your real name, your location is compromised whenever that card is online. this is something that the vast majority of privacy enthusiasts either neglect due to lack of knowledge, or cannot afford to remove from their threat profile due to the pervasiveness of cell networks in day to day life.
The most recent example i can give of this being necessary to consider in your privacy posture: In the US, ICE is using this combination of personal information and compromised locations to focus their efforts in neighborhoods with a primarily minority population.
whenever that card is online
Do you mean when the card is an active card viable for use? Or stored in the phone somehow? I’m curious what online means and if I am doing it… I don’t have any payments connected to a mobile phone but I do have a SIM card, probably paid for with a now expired card.
basically, a SIM is what connects your phone to your mobile provider’s network. Any time you want to use that infrastructure (the phone turns on, you turn off airplane mode, you turn on your eSIM) your phone makes a request to the network, which requires an authentication via the IMSI number provided by the SIM. When this happens, your location is triangulated and your status as a cell network subscriber is verified. this process also happens periodically, and more frequently if you’re on the move. The technical reason for this is that your phone needs to know which towers to route requests to, and that you are paying for the service.
Theoretically, your phone is capable of being triangulated even without a SIM. However, for this to happen (outside of calling emergency services) as far as I’m aware this requires some sort of device compromise and is therefore out of most people’s scope. If you’re paranoid of tracking, remove your sim (or disable it if it is an eSIM) and if you’re super paranoid, grab a faraday bag to put it in.
let me know if i didnt explain anything well enough.
Thanks! Now I think that when you said “card is online” you meant the SIM card, not credit card. I use an alternative OS that, as I understand it, does a little to offset the tracking but it is, indeed, outside of my scope! I mostly have my phone on airplane mode, even away from home, but of course not always. I do know that this OS eliminates the ability for the phone to call home when on airplane mode.
